05-13-2022 01:36 AM
Hi
Can anyone tell me what's causing the below, please, and a possible fix? Also, below the warnings are some tests I ran which were successful.
Thanks
May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] The curl option for ip verify_peer=1 verifyhost=0
May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] List 8527413e-6167-11e1-a8bf-e99ce99bfdf1 being updated up_freq: 0 need_update: 0
May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] SF List Sourcefire_Intelligence_Feed being updated
May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] DownloadFile: Download failure. Retries remaining: 2
May 13 07:29:37 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] DownloadFile: Download failure. Retries remaining: 1
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Download unsucessful: SSL peer certificate or SSH remote key was not OK
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Cannot download 8527413e-6167-11e1-a8bf-e99ce99bfdf1
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] The curl option for dns verifypeer=1 verifyhost=0
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:URLDNS [INFO] List 43d5bee1-bd7d-4fe3-a1dd-1101181aed48 being updated up_freq: 0 need_update: 0
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:URLDNS [INFO] SF URL/DNS List Cisco_DNS_Intelligence_Feed being updated
May 13 07:29:39 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] DownloadFile: Download failure. Retries remaining: 2
May 13 07:29:40 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] DownloadFile: Download failure. Retries remaining: 1
May 13 07:29:41 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Download unsucessful: SSL peer certificate or SSH remote key was not OK
May 13 07:29:41 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Cannot download 43d5bee1-bd7d-4fe3-a1dd-1101181aed48
---------------------------------------------------------------------------------------------------
admin@CFMC-01:~$ sudo ping intelligence.sourcefire.com
PING intelligence.sourcefire.com (198.148.79.58) 56(84) bytes of data.
64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=1 ttl=47 time=99.1 ms
64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=2 ttl=47 time=98.6 ms
64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=3 ttl=47 time=100 ms
64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=4 ttl=47 time=98.5 ms
64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=5 ttl=47 time=98.9 ms
64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=6 ttl=47 time=99.5 ms
64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=7 ttl=47 time=98.0 ms
^C
--- intelligence.sourcefire.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6000ms
rtt min/avg/max/mdev = 98.099/99.087/100.598/0.794 ms
---------------------------------------------------------------------------------------------------------------------------
admin@CFMC-01:~$ sudo telnet intelligence.sourcefire.com 443
Trying 198.148.79.58...
Connected to intelligence.sourcefire.com.
Escape character is '^]'.
--------------------------------------------------------------------------------------------------------------------------------
admin@CFMC-01:~$ sudo nslookup intelligence.sourcefire.com
Non-authoritative answer:
Name: intelligence.sourcefire.com
Address: 198.148.79.58
Name: intelligence.sourcefire.com
Address: 2620:28:c000:0:aba:ca:daba:58
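An added example, not part of the original thread: a short Python triage of the log lines quoted above, pairing each failed list UUID with its feed name and failure reason. Both feeds fail at TLS certificate verification, a step that ping, telnet and nslookup do not exercise; the function and field names are assumptions made for illustration.

```python
import re

# Sample input: syslog lines copied from the post above (retry lines omitted).
SAMPLE_LOG = """\
May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] The curl option for ip verify_peer=1 verifyhost=0
May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] List 8527413e-6167-11e1-a8bf-e99ce99bfdf1 being updated up_freq: 0 need_update: 0
May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] SF List Sourcefire_Intelligence_Feed being updated
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Download unsucessful: SSL peer certificate or SSH remote key was not OK
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Cannot download 8527413e-6167-11e1-a8bf-e99ce99bfdf1
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] The curl option for dns verifypeer=1 verifyhost=0
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:URLDNS [INFO] List 43d5bee1-bd7d-4fe3-a1dd-1101181aed48 being updated up_freq: 0 need_update: 0
May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:URLDNS [INFO] SF URL/DNS List Cisco_DNS_Intelligence_Feed being updated
May 13 07:29:41 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Download unsucessful: SSL peer certificate or SSH remote key was not OK
May 13 07:29:41 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Cannot download 43d5bee1-bd7d-4fe3-a1dd-1101181aed48
"""

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
CURL_OPTS = re.compile(r"verify_?peer=(\d) verifyhost=(\d)")  # both spellings occur
LIST_ID = re.compile(rf"\] List ({UUID}) being updated")
LIST_NAME = re.compile(r"\] SF (?:URL/DNS )?List (\S+) being updated")
REASON = re.compile(r"Download unsucessful: (.+)$")  # spelling as logged
FAILED = re.compile(rf"Cannot download ({UUID})")
# libcurl's error text for CURLE_PEER_FAILED_VERIFICATION.
TLS_TRUST = "SSL peer certificate or SSH remote key was not OK"


def triage(log_text):
    """Return one record per failed feed, keyed by list UUID rather than the
    CloudAgent:<component> tag (the URLDNS failures are logged as IPReputation)."""
    feeds, failures, current, opts, reason = {}, [], None, None, None
    for line in log_text.splitlines():
        if m := CURL_OPTS.search(line):
            opts = {"verify_peer": m[1] == "1", "verify_host": m[2] != "0"}
        elif m := LIST_ID.search(line):
            current, reason = m[1], None
            feeds[current] = {"id": current, "name": None, **(opts or {})}
        elif (m := LIST_NAME.search(line)) and current:
            feeds[current]["name"] = m[1]
        elif m := REASON.search(line):
            reason = m[1].strip()
        elif (m := FAILED.search(line)) and m[1] in feeds:
            failures.append({**feeds[m[1]], "reason": reason,
                             "tls_trust_failure": reason == TLS_TRUST})
    return failures


if __name__ == "__main__": print(*triage(SAMPLE_LOG), sep="\n")
```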
05-13-2022 01:42 AM
05-13-2022 02:15 AM
Hi
@benolyndav does your FMC trust the root certificate in use?
Trust what root cert? Which one do I look for??
Are you decrypting the SSL traffic?
Default SSL policy do not decrypt
05-13-2022 04:15 AM
@benolyndav the root certificates of intelligence.sourcefire.com. You can open that URL in a browser to determine the root certificates and then check the FMC to determine if you have the certificates.
What version of FMC/FTD are you running?
Has this ever worked, or is it a new issue?
05-13-2022 04:49 AM
Hi Rob
Version 6.6.5
And yes, I started noticing the warning message a while ago but was advised it was a bug; now I'm not sure.
I do see the IdenTrust certs in the Cisco trusted CA groups, although I don't see the HydrantID cert which I see in the chain when I browse to the site??
05-13-2022 05:08 AM
05-13-2022 09:21 AM
In addition to what @Rob Ingram correctly noted, there's also a Field Notice advising customers on this issue:
https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html
05-17-2022 04:17 AM
Thanks Marvin